Privacy Policy

Brill Motors respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you visit our showroom, use our website or mobile services, contact us, sell a vehicle through us, or buy a vehicle or related services from us.

It also explains your rights under Kenyan law, including the Data Protection Act, 2019, and how you can exercise those rights.

This Privacy Policy should be read together with our Terms and Conditions and any other notices that we may provide at the point where we collect personal data from you.

1. Definitions and Interpretation

For the purposes of this Privacy Policy:

Applicable Law

means the Constitution of Kenya and all relevant laws and regulations relating to privacy and data protection, including the Data Protection Act, 2019, and any guidelines, rules, or codes of practice issued under it.

Personal Data

means any information about an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, for example by a name, identification number, location data, online identifier, or factors relating to physical, mental, economic, cultural, or social identity.

Special Category Data

means sensitive personal data such as health information, biometric data, race or ethnic origin, religious beliefs, and criminal records.

Data Subject

means the individual to whom the personal data relates.

Controller

means the person or organisation which determines the purpose and means of processing personal data. For the purposes of this Privacy Policy, Brill Motors acts as the Data Controller.

Processor

means a person or organisation which processes personal data on behalf of a Controller.

Sub-processor

means a processor engaged by another processor to carry out specific processing activities.

Third Party

means any person or organisation that is not the Data Subject, Controller, Processor, or Sub-processor, and is not authorised to process personal data under the direct authority of the Controller or Processor.

Online and Mobile Services

means the services that Brill Motors offers through its website, mobile application, and digital platforms.

Website

means the Brill Motors website and any related online interface that we operate.

We, Us, Our

means Brill Motors.

Unless the context requires otherwise:

• Words in the singular include the plural and vice versa.
• Any reference to one gender includes all other genders.
• Headings are for convenience only and do not affect interpretation.

2. The Data We Collect

We may collect, use, store, and transfer different categories of personal data about you, including:

We may also create anonymised or aggregated data from your personal data. Once anonymised, this data can no longer identify you and is not treated as personal data.

We do not knowingly collect or process personal data of minors without the consent of a parent or legal guardian.

3. How We Collect Your Personal Data

We collect personal data from you in several ways:

3.1 Data You Provide Directly

You may give us your personal data when you:

• Visit our showroom or contact us by phone, WhatsApp, SMS, or email.
• Inquire about or purchase a vehicle or related services.
• Sell a vehicle to us or through us.
• Request importation of a vehicle on your behalf.
• Apply for or request help with financing or insurance through our partners.
• Create or use an account on our Website or mobile application.
• Subscribe to our marketing messages, newsletters, or updates.
• Enter a promotion, campaign, or survey.
• Apply for a job with us or submit your CV.

3.2 Data We Collect Automatically

When you use our Website or Online and Mobile Services, we may automatically collect:

• Technical Data about your device and connection.
• Usage Data about how you use our Website and services.

We collect this information using cookies and similar technologies.

3.3 Data We Receive from Third Parties

We may receive personal data about you from:

• Banks and finance partners that you authorise to share information.
• Insurance companies and brokers that help arrange cover for your vehicle.
• Government and regulatory databases where allowed by law.
• Public sources such as company registries or publicly available social media profiles.
• Credit reference bureaus and fraud prevention agencies where necessary and lawful.
• Previous vehicle owners or dealers, where details are needed to complete a transaction.

3.4 Third-Party Websites and Services

Our Website may contain links to third-party websites, plug-ins, or applications. If you follow those links, third parties may collect data about you. We do not control these third-party websites and are not responsible for their privacy practices. You are encouraged to read the privacy policy of each external site you visit.

4. How We Use Your Personal Data

We will only use your personal data where we have a lawful basis to do so. The main legal bases we rely on are:

• Your consent.
• Performance of a contract with you or steps at your request before entering into a contract.
• Compliance with a legal obligation.
• Our legitimate interests, where these interests are not overridden by your rights and freedoms.
• Protection of vital interests or public interest, where applicable.

4.1 Main Purposes of Processing

We may use your personal data for the following purposes:

4.2 Special Category Data

In limited cases, we may process special category data, for example:

• For background checks if required by law.
• For safety or emergency situations at our premises.

We will only process this type of data where allowed by law and where there is an appropriate legal basis, such as your explicit consent, legal obligation, vital interests, or public interest.

5. Marketing

5.1 Marketing from Brill Motors

We may use your Identity, Contact, Usage, and Profile Data to form a view on which vehicles, offers, or services may interest you and to send you marketing messages.

You may receive marketing messages from us if:

• You have purchased a vehicle or service from us; or
• You have requested information from us; and
• You have not opted out of marketing.

5.2 Third-Party Marketing

We will only share your personal data with third parties for their own marketing activities where you have given us clear consent.

5.3 Opting Out

You can ask us to stop sending you marketing messages at any time by:

• Following the opt-out instructions in a marketing SMS or email; or
• Contacting us using the details at the end of this Policy.

Opting out of marketing messages will not affect service-related communications such as transaction notifications, safety notices, or warranty information.

6. Cookies and Similar Technologies

We may use cookies and similar technologies to:

• Recognise you when you return to our Website.
• Remember your preferences and saved searches.
• Understand how users interact with our Website and improve our services.
• Support security and fraud prevention.

Most browsers are set to accept cookies automatically. You can change your browser settings to refuse cookies or to alert you when cookies are being used. If you disable or refuse cookies, some parts of our Website may not function properly.

7. Hyperlinks to Other Sites

Our Website may contain hyperlinks that lead to websites or services operated by third parties.

• These links are provided for your convenience and information.
• Once you leave our Website, this Privacy Policy no longer applies.
• We do not endorse or control the privacy practices of those third-party sites.
• You are encouraged to read the privacy policy of any external website you visit.

8. Change of Purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another purpose that is compatible with the original purpose.

If we need to use your personal data for a new purpose that is not compatible with the original one, we will:

• Inform you; and
• Explain the legal basis that allows us to do so; and
• Request your consent where required.

We may process your personal data without your knowledge or consent where this is required or permitted by law.

9. Disclosure of Personal Information

We may share your personal data with:

• Brill Motors staff and authorised representatives who need access to fulfil their duties.
• Professional advisers such as lawyers, auditors, or consultants.
• Financial institutions and insurance partners that you authorise us to work with for financing, insurance, or related services.
• Service Providers and Processors that support our operations, such as IT providers, hosting companies, SMS gateways, or marketing service providers.
• Government authorities, regulators, law enforcement, and courts where required by law or in response to lawful requests.
• Credit reference bureaus and fraud prevention agencies where lawful and necessary.
• Potential buyers or partners in case of a business restructuring, merger, or asset sale, subject to appropriate safeguards.

We require all third parties to handle your personal data securely and to process it only according to our instructions and Applicable Law. We do not permit our service providers to use your personal data for their own independent purposes.

10. Transfer of Personal Data Outside Kenya

There may be situations where your personal data is transferred or stored outside Kenya. This may happen, for example, where:

• Our service providers or data hosting facilities are located outside Kenya.
• We use cloud-based solutions that operate in other jurisdictions.

When we transfer personal data outside Kenya, we will ensure that:

• The destination country has an adequate level of data protection; or
• Appropriate safeguards are in place, such as data protection clauses in our contracts; or
• You have given explicit consent where required by law.

We will take all reasonable steps to ensure that your personal data remains protected to standards that are at least as strict as those required under Kenyan law.

11. How We Keep Your Information Secure

We use a combination of technical, physical, and organisational measures to protect your personal data, including:

• Access controls and authentication.
• Secure storage and encryption where appropriate.
• Regular monitoring of our systems for vulnerabilities and attacks.
• Training and confidentiality obligations for staff who handle personal data.

If we become aware of a personal data breach that may pose a significant risk to your rights and freedoms, we will act in line with legal requirements. This may include notifying you and the relevant regulator.

12. How Long We Keep Your Personal Data

We retain your personal data only for as long as necessary to:

• Fulfil the purposes for which it was collected.
• Meet legal, regulatory, tax, accounting, or reporting obligations.
• Resolve disputes and enforce our agreements.

In deciding the retention period, we consider:

• The type and sensitivity of the data.
• The potential risk of harm from unauthorised use.
• The purposes for processing.
• The applicable legal and regulatory requirements.

In many cases, we are required to keep key records for at least seven years after the end of the relationship. Where we no longer need data in identifiable form, we may anonymise it for research or statistical purposes.

13. Your Rights as a Data Subject

Subject to Applicable Law and some exceptions, you have the following rights:

13.1 How to Exercise Your Rights

If you wish to exercise any of your rights, you may contact us using the contact details set out at the end of this Policy.

We may need to ask for specific information to help confirm your identity. This is to ensure that personal data is not disclosed to a person who has no right to receive it.

We aim to respond to all legitimate requests within a reasonable time. If your request is complex or you have made several requests, it may take longer, and we will keep you updated.

14. Personal Data of Children

Brill Motors does not knowingly collect personal data directly from children without the consent of a parent or legal guardian.

If we become aware that we have collected personal data relating to a child without proper consent, we will take steps to delete that information or obtain valid consent.

Parents or guardians who believe that we hold personal data about a child in their care may contact us to review, correct, or request deletion of that data.

15. Complaints and Internal Handling

We take your privacy seriously and welcome the opportunity to resolve any concerns.

If you have a question or complaint about how we handle your personal data, you may contact us or our designated data protection contact using the details below. We will investigate the matter and respond within a reasonable time.

If you are not satisfied with our response, you have the right to raise the matter with the relevant data protection authority in Kenya.

16. Non-Compliance with this Privacy Policy

If you fail to comply with this Privacy Policy or misuse personal data that we share with you, we may:

• Restrict or terminate your access to our services.
• Decline to enter into contracts or continue a business relationship with you.
• Take any other action that we consider appropriate, in line with Applicable Law.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in:

• Our services,
• Applicable Law, or
• Our internal practices.

When we make material changes, we will update the "Last Updated" date at the top of this document. Where required, we will notify you through appropriate channels. Continued use of our services after changes take effect means that you accept the updated Policy.

18. How to Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, you may contact us using the details below: